| Patrick McHardy | ff96830 | 2006-05-24 16:15:03 +0000 | [diff] [blame] | 1 | /* |
| 2 | * Shared library add-on to iptables to add SECMARK target support. |
| 3 | * |
| 4 | * Based on the MARK target. |
| 5 | * |
| 6 | * Copyright (C) 2006 Red Hat, Inc., James Morris <jmorris@redhat.com> |
| 7 | */ |
| 8 | #include <stdio.h> |
| 9 | #include <string.h> |
| 10 | #include <stdlib.h> |
| 11 | #include <getopt.h> |
| Yasuyuki KOZAKAI | fa00a73 | 2007-07-24 07:27:02 +0000 | [diff] [blame] | 12 | #include <xtables.h> |
| Patrick McHardy | ff96830 | 2006-05-24 16:15:03 +0000 | [diff] [blame] | 13 | #include <linux/netfilter/xt_SECMARK.h> |
| 14 | |
| 15 | #define PFX "SECMARK target: " |
| 16 | |
| Jan Engelhardt | 932e648 | 2007-10-04 16:27:30 +0000 | [diff] [blame] | 17 | static void SECMARK_help(void) |
| Patrick McHardy | ff96830 | 2006-05-24 16:15:03 +0000 | [diff] [blame] | 18 | { |
| 19 | printf( |
| Jan Engelhardt | 8b7c64d | 2008-04-15 11:48:25 +0200 | [diff] [blame] | 20 | "SECMARK target options:\n" |
| 21 | " --selctx value Set the SELinux security context\n"); |
| Patrick McHardy | ff96830 | 2006-05-24 16:15:03 +0000 | [diff] [blame] | 22 | } |
| 23 | |
| Jan Engelhardt | 932e648 | 2007-10-04 16:27:30 +0000 | [diff] [blame] | 24 | static const struct option SECMARK_opts[] = { |
| Patrick McHardy | 0ea82bc | 2008-06-07 15:15:29 +0200 | [diff] [blame] | 25 | { "selctx", 1, NULL, '1' }, |
| Max Kellermann | 9ee386a | 2008-01-29 13:48:05 +0000 | [diff] [blame] | 26 | { .name = NULL } |
| Patrick McHardy | ff96830 | 2006-05-24 16:15:03 +0000 | [diff] [blame] | 27 | }; |
| 28 | |
| Jan Engelhardt | 932e648 | 2007-10-04 16:27:30 +0000 | [diff] [blame] | 29 | static int SECMARK_parse(int c, char **argv, int invert, unsigned int *flags, |
| 30 | const void *entry, struct xt_entry_target **target) |
| Patrick McHardy | ff96830 | 2006-05-24 16:15:03 +0000 | [diff] [blame] | 31 | { |
| 32 | struct xt_secmark_target_info *info = |
| 33 | (struct xt_secmark_target_info*)(*target)->data; |
| 34 | |
| 35 | switch (c) { |
| 36 | case '1': |
| 37 | if (*flags & SECMARK_MODE_SEL) |
| 38 | exit_error(PARAMETER_PROBLEM, PFX |
| 39 | "Can't specify --selctx twice"); |
| 40 | info->mode = SECMARK_MODE_SEL; |
| 41 | |
| 42 | if (strlen(optarg) > SECMARK_SELCTX_MAX-1) |
| 43 | exit_error(PARAMETER_PROBLEM, PFX |
| 44 | "Maximum length %u exceeded by --selctx" |
| 45 | " parameter (%zu)", |
| 46 | SECMARK_SELCTX_MAX-1, strlen(optarg)); |
| 47 | |
| 48 | strcpy(info->u.sel.selctx, optarg); |
| 49 | *flags |= SECMARK_MODE_SEL; |
| 50 | break; |
| 51 | default: |
| 52 | return 0; |
| 53 | } |
| 54 | |
| 55 | return 1; |
| 56 | } |
| 57 | |
| Jan Engelhardt | 932e648 | 2007-10-04 16:27:30 +0000 | [diff] [blame] | 58 | static void SECMARK_check(unsigned int flags) |
| Patrick McHardy | ff96830 | 2006-05-24 16:15:03 +0000 | [diff] [blame] | 59 | { |
| 60 | if (!flags) |
| 61 | exit_error(PARAMETER_PROBLEM, PFX "parameter required"); |
| 62 | } |
| 63 | |
| 64 | static void print_secmark(struct xt_secmark_target_info *info) |
| 65 | { |
| 66 | switch (info->mode) { |
| 67 | case SECMARK_MODE_SEL: |
| 68 | printf("selctx %s ", info->u.sel.selctx);\ |
| 69 | break; |
| 70 | |
| 71 | default: |
| 72 | exit_error(OTHER_PROBLEM, PFX "invalid mode %hhu\n", info->mode); |
| 73 | } |
| 74 | } |
| 75 | |
| Jan Engelhardt | 932e648 | 2007-10-04 16:27:30 +0000 | [diff] [blame] | 76 | static void SECMARK_print(const void *ip, const struct xt_entry_target *target, |
| 77 | int numeric) |
| Patrick McHardy | ff96830 | 2006-05-24 16:15:03 +0000 | [diff] [blame] | 78 | { |
| 79 | struct xt_secmark_target_info *info = |
| 80 | (struct xt_secmark_target_info*)(target)->data; |
| 81 | |
| 82 | printf("SECMARK "); |
| 83 | print_secmark(info); |
| 84 | } |
| 85 | |
| Jan Engelhardt | 932e648 | 2007-10-04 16:27:30 +0000 | [diff] [blame] | 86 | static void SECMARK_save(const void *ip, const struct xt_entry_target *target) |
| Patrick McHardy | ff96830 | 2006-05-24 16:15:03 +0000 | [diff] [blame] | 87 | { |
| 88 | struct xt_secmark_target_info *info = |
| 89 | (struct xt_secmark_target_info*)target->data; |
| 90 | |
| 91 | printf("--"); |
| 92 | print_secmark(info); |
| 93 | } |
| 94 | |
| Jan Engelhardt | 932e648 | 2007-10-04 16:27:30 +0000 | [diff] [blame] | 95 | static struct xtables_target secmark_target = { |
| Jan Engelhardt | 23545c2 | 2008-02-14 04:23:04 +0100 | [diff] [blame] | 96 | .family = AF_UNSPEC, |
| Yasuyuki KOZAKAI | fa00a73 | 2007-07-24 07:27:02 +0000 | [diff] [blame] | 97 | .name = "SECMARK", |
| Jan Engelhardt | 8b7c64d | 2008-04-15 11:48:25 +0200 | [diff] [blame] | 98 | .version = XTABLES_VERSION, |
| Yasuyuki KOZAKAI | fa00a73 | 2007-07-24 07:27:02 +0000 | [diff] [blame] | 99 | .revision = 0, |
| 100 | .size = XT_ALIGN(sizeof(struct xt_secmark_target_info)), |
| 101 | .userspacesize = XT_ALIGN(sizeof(struct xt_secmark_target_info)), |
| Jan Engelhardt | 932e648 | 2007-10-04 16:27:30 +0000 | [diff] [blame] | 102 | .help = SECMARK_help, |
| 103 | .parse = SECMARK_parse, |
| 104 | .final_check = SECMARK_check, |
| 105 | .print = SECMARK_print, |
| 106 | .save = SECMARK_save, |
| 107 | .extra_opts = SECMARK_opts, |
| Patrick McHardy | ff96830 | 2006-05-24 16:15:03 +0000 | [diff] [blame] | 108 | }; |
| 109 | |
| 110 | void _init(void) |
| 111 | { |
| Jan Engelhardt | 932e648 | 2007-10-04 16:27:30 +0000 | [diff] [blame] | 112 | xtables_register_target(&secmark_target); |
| Patrick McHardy | ff96830 | 2006-05-24 16:15:03 +0000 | [diff] [blame] | 113 | } |